The Specialist, Cyber Threat Intelligence is responsible for proactively identifying, analyzing, and disrupting cyber threats targeting the organization. This role blends strategic and tactical threat intelligence with hands-on threat hunting, enabling early detection of advanced adversaries, emerging attack techniques, and targeted campaigns.
Responsibilities
- Develop, document, monitor and maintain information security standards, policies and protocols to ensure organizational infrastructure, data and resources are protected from unauthorized and inappropriate use or access
- Collect, analyze, and contextualize cyber threat intelligence from OSINT, dark web, closed sources, ISACs, vendor feeds, and internal telemetry
- Track threat actors targeting the organization’s industry, technology stack, and geographic footprint
- Conduct hypothesis-driven and intelligence-led threat hunts across endpoint, network, cloud, and identity platforms
- Identify gaps in detection coverage and work with engineering teams to improve rules, alerts, and logging
- Validate intelligence by correlating external threat data with internal activity
- Perform deep adversary analysis, including long-term tracking of threat groups, infrastructure reuse, malware lineage, and campaign evolution
- Translate complex technical intelligence into business risk language for executive leadership and operational stakeholders
- Perform incident response, forensics and investigation activities as needed or requested over security incidents and/or security breaches
- Provide expertise in the definition, selection and implementation of IT Security and Business Continuity related controls to the IT Department
- Develop and communicate organizational objectives; inspire, motivate and train team members to follow and achieve organizational security standards
- Provide security advisory services by conducting tests on a current system to determine vulnerable areas
- Provide management with business/economic impact and compliance issues surrounding key business decisions
- Define and maintain methods, techniques and calculations for identifying ways to improve business/technical processes
- Provide technology specific financial inputs related to a key functional area
- A relevant University degree/technical certification, and/or relevant experience commensurate to the role
- 5+ years of hands-on professional experience in Cyber Threat Intelligence and Threat Hunting within large enterprise or critical infrastructure environments
- Deep, applied understanding of adversary tradecraft, including intrusion kill chains, MITRE ATT&CK, Diamond Model, malware families, exploitation techniques, persistence mechanisms, and threats targeting aviation and critical infrastructure sectors
- Demonstrated experience conducting intelligence-led and hypothesis-driven threat hunts
- Strong hands-on experience with threat intelligence platforms (TIPs), including IOC ingestion, enrichment, scoring, aging, and operational deployment
- Proven ability to perform malware and campaign analysis, correlating samples, infrastructure, C2 patterns, payload behavior, delivery mechanisms, and underground chatter into cohesive adversary assessments
- Experience with dark web monitoring, closed forums, leak sites
- Advanced log analysis and data correlation skills to identify low-signal, stealthy, or novel adversary activity
- Hands-on experience developing automation pipelines, scripts, or tooling (Python, PowerShell, APIs, SOAR, etc.) to support intelligence collection, normalization, enrichment, and dissemination
- Experience with query languages and analytics (KQL, SPL, SQL, etc.) to support threat hunting, detections, and investigations
- Experience building custom intelligence and threat dashboards (Splunk, Kibana, Grafana, Power BI) to track adversary campaigns, infrastructure, trends, and risk indicators
- Ability to translate raw intelligence into actionable detections
- Proven capability to work independently on complex investigations and prioritize competing intelligence requirements
- Relevant security certifications preferred (e.g., GCTI, GIAC), or equivalent demonstrated expertise through operational experience
- Adaptability and Flexibility - The ability to keep functioning effectively when under pressure and/or experiencing rapidly changing or uncertain conditions, and to maintain self-control in the face of hostility or provocation. Openness to different and new ways of doing things; willingness to modify one’s preferred way of doing things
- Accountability and Credibility - Takes responsibility for the results and future direction of the organization. Demonstrated concern that one be perceived as responsible, reliable, and trustworthy
- Customer Orientation - Demonstrated concern for satisfying one’s external and/or internal customers
- Results Orientation - Focusing on the desired end result of one’s own or one’s unit's work; setting challenging goals, focusing effort on the goals, and meeting or exceeding them
- Forward Thinking - Anticipating the implications and consequences of situations and taking appropriate action to be prepared for possible contingencies
- Fostering Teamwork - As a team member, the ability and desire to work cooperatively with others on a team. As a team leader, interest, skill, and success in getting groups to learn to work together cooperatively
- Analytical Thinking - Approaching a problem by using a logical, systematic, sequential approach
- Interpersonal Effectiveness - The ability to notice, interpret, and anticipate others’ concerns and feelings, and to communicate this awareness empathetically to others
- Demonstrate punctuality and dependability to support overall team success in a fast-paced environment

Candidates must be eligible to work in the country of interest at the time any offer of employment is made. Seeking any required work permits, visas or other authorizations is the sole responsibility of the candidates applying for this position.
Linguistic Requirements
Based on equal qualifications, preference will be given to bilingual candidates.
Diversity and Inclusion
Air Canada is strongly committed to Diversity and Inclusion and aims to create a healthy, accessible and rewarding work environment which highlights employees’ unique contributions to our company’s success.
As an equal opportunity employer, we welcome applications from all to help us build a diverse workforce which reflects the diversity of our customers and the communities in which we live and serve.
Air Canada thanks all candidates for their interest; however only those selected to continue in the process will be contacted.

